import gnome-remote-desktop-40.0-7.el9
This commit is contained in:
parent
1c1969d31e
commit
9b811b0b19
@ -0,0 +1,92 @@
|
|||||||
|
From fdc71dd25c8505b3580e70afd4b4213cad8f8ebb Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
|
||||||
|
Date: Mon, 25 Oct 2021 16:14:26 +0200
|
||||||
|
Subject: [PATCH] crypto: Don't compile SHA1 support when Websockets are
|
||||||
|
disabled
|
||||||
|
|
||||||
|
SHA1 is not ideal, security wise. Let's make sure we don't even have it
|
||||||
|
compiled when nothing depends on it, e.g. Websockets.
|
||||||
|
---
|
||||||
|
common/crypto.h | 2 ++
|
||||||
|
common/crypto_included.c | 2 ++
|
||||||
|
common/crypto_libgcrypt.c | 2 ++
|
||||||
|
common/crypto_openssl.c | 2 ++
|
||||||
|
4 files changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/common/crypto.h b/common/crypto.h
|
||||||
|
index 04be9304..c1f32194 100644
|
||||||
|
--- a/common/crypto.h
|
||||||
|
+++ b/common/crypto.h
|
||||||
|
@@ -11,7 +11,9 @@
|
||||||
|
int hash_md5(void *out, const void *in, const size_t in_len);
|
||||||
|
|
||||||
|
/* Generates an SHA1 hash of 'in' and writes it to 'out', which must be 20 bytes in size. */
|
||||||
|
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
|
||||||
|
int hash_sha1(void *out, const void *in, const size_t in_len);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/* Fill 'out' with 'len' random bytes. */
|
||||||
|
void random_bytes(void *out, size_t len);
|
||||||
|
diff --git a/common/crypto_included.c b/common/crypto_included.c
|
||||||
|
index b359336f..cf8d43c2 100644
|
||||||
|
--- a/common/crypto_included.c
|
||||||
|
+++ b/common/crypto_included.c
|
||||||
|
@@ -33,6 +33,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
|
||||||
|
int hash_sha1(void *out, const void *in, const size_t in_len)
|
||||||
|
{
|
||||||
|
SHA1Context sha1;
|
||||||
|
@@ -45,6 +46,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
|
||||||
|
|
||||||
|
void random_bytes(void *out, size_t len)
|
||||||
|
{
|
||||||
|
diff --git a/common/crypto_libgcrypt.c b/common/crypto_libgcrypt.c
|
||||||
|
index 34d845b4..f62bdaf8 100644
|
||||||
|
--- a/common/crypto_libgcrypt.c
|
||||||
|
+++ b/common/crypto_libgcrypt.c
|
||||||
|
@@ -74,6 +74,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
|
||||||
|
int hash_sha1(void *out, const void *in, const size_t in_len)
|
||||||
|
{
|
||||||
|
int result = 0;
|
||||||
|
@@ -98,6 +99,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
|
||||||
|
gcry_md_close(sha1);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
|
||||||
|
|
||||||
|
void random_bytes(void *out, size_t len)
|
||||||
|
{
|
||||||
|
diff --git a/common/crypto_openssl.c b/common/crypto_openssl.c
|
||||||
|
index 60d4bd4d..9816eb04 100644
|
||||||
|
--- a/common/crypto_openssl.c
|
||||||
|
+++ b/common/crypto_openssl.c
|
||||||
|
@@ -49,6 +49,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
|
||||||
|
int hash_sha1(void *out, const void *in, const size_t in_len)
|
||||||
|
{
|
||||||
|
SHA_CTX sha1;
|
||||||
|
@@ -60,6 +61,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
|
||||||
|
|
||||||
|
void random_bytes(void *out, size_t len)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -4,26 +4,24 @@
|
|||||||
|
|
||||||
%if 0%{?rhel} >= 9
|
%if 0%{?rhel} >= 9
|
||||||
%global bundle_libvncserver 1
|
%global bundle_libvncserver 1
|
||||||
%global libvncserver_name LibVNCServer
|
|
||||||
%global libvncserver_version 0.9.13
|
|
||||||
%global enable_rdp 0
|
%global enable_rdp 0
|
||||||
%else
|
%else
|
||||||
%global bundle_libvncserver 0
|
%global bundle_libvncserver 0
|
||||||
%global enable_rdp 1
|
%global enable_rdp 1
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%global libvncserver_name LibVNCServer
|
||||||
|
%global libvncserver_version 0.9.13
|
||||||
|
|
||||||
Name: gnome-remote-desktop
|
Name: gnome-remote-desktop
|
||||||
Version: 40.0
|
Version: 40.0
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
Summary: GNOME Remote Desktop screen share service
|
Summary: GNOME Remote Desktop screen share service
|
||||||
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: https://gitlab.gnome.org/jadahl/gnome-remote-desktop
|
URL: https://gitlab.gnome.org/jadahl/gnome-remote-desktop
|
||||||
Source0: https://download.gnome.org/sources/gnome-remote-desktop/40/%{name}-%{tarball_version}.tar.xz
|
Source0: https://download.gnome.org/sources/gnome-remote-desktop/40/%{name}-%{tarball_version}.tar.xz
|
||||||
%if 0%{?bundle_libvncserver}
|
|
||||||
Source1: https://github.com/LibVNC/libvncserver/archive/refs/tags/%{libvncserver_name}-%{libvncserver_version}.tar.gz
|
Source1: https://github.com/LibVNC/libvncserver/archive/refs/tags/%{libvncserver_name}-%{libvncserver_version}.tar.gz
|
||||||
%endif
|
|
||||||
|
|
||||||
### gnome-remote-desktop patches
|
### gnome-remote-desktop patches
|
||||||
# Adds encryption support (requires patched LibVNCServer)
|
# Adds encryption support (requires patched LibVNCServer)
|
||||||
@ -32,11 +30,9 @@ Patch0: gnutls-anontls.patch
|
|||||||
# Backport upstream leak fix (rhbz#1951129)
|
# Backport upstream leak fix (rhbz#1951129)
|
||||||
Patch1: 0001-pipewire-stream-Don-t-leak-GSource-s.patch
|
Patch1: 0001-pipewire-stream-Don-t-leak-GSource-s.patch
|
||||||
|
|
||||||
%if 0%{?bundle_libvncserver}
|
## LibVNCServer patches required for bundling
|
||||||
Patch100: 0001-build-Set-rpath-on-executable.patch
|
Patch100: 0001-build-Set-rpath-on-executable.patch
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?bundle_libvncserver}
|
|
||||||
### LibVNCServer patches
|
### LibVNCServer patches
|
||||||
## TLS security type enablement patches
|
## TLS security type enablement patches
|
||||||
# https://github.com/LibVNC/libvncserver/pull/234
|
# https://github.com/LibVNC/libvncserver/pull/234
|
||||||
@ -55,7 +51,9 @@ Patch1004: 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
|
|||||||
|
|
||||||
## downstream patches
|
## downstream patches
|
||||||
Patch2000: libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch
|
Patch2000: libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch
|
||||||
%endif
|
|
||||||
|
## Don't compile SHA1 support
|
||||||
|
Patch2100: 0001-crypto-Don-t-compile-SHA1-support-when-Websockets-ar.patch
|
||||||
|
|
||||||
|
|
||||||
BuildRequires: git
|
BuildRequires: git
|
||||||
@ -146,7 +144,8 @@ mkdir -p %{_builddir}/libvncserver/
|
|||||||
-DLIB_INSTALL_DIR:PATH=%{libvncserver_install_dir}/%{_lib} \
|
-DLIB_INSTALL_DIR:PATH=%{libvncserver_install_dir}/%{_lib} \
|
||||||
-DSYSCONF_INSTALL_DIR=%{libvncserver_install_dir}/etc \
|
-DSYSCONF_INSTALL_DIR=%{libvncserver_install_dir}/etc \
|
||||||
-DWITH_FFMPEG=OFF -DWITH_GTK=OFF -DWITH_OPENSSL=OFF -DWITH_GNUTLS=ON \
|
-DWITH_FFMPEG=OFF -DWITH_GTK=OFF -DWITH_OPENSSL=OFF -DWITH_GNUTLS=ON \
|
||||||
-DWITH_SDL=OFF -DWITH_X11=OFF -DWITH_WEBSOCKETS=OFF
|
-DWITH_SDL=OFF -DWITH_X11=OFF -DWITH_WEBSOCKETS=OFF \
|
||||||
|
-DLIBVNCSERVER_WITH_WEBSOCKETS=OFF
|
||||||
%cmake_build
|
%cmake_build
|
||||||
%__cmake --install "%{__cmake_builddir}"
|
%__cmake --install "%{__cmake_builddir}"
|
||||||
popd
|
popd
|
||||||
@ -208,6 +207,10 @@ popd
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 25 2021 Jonas Ådahl <jadahl@redhat.com> - 40.0-7
|
||||||
|
- Don't compile in SHA1 support
|
||||||
|
Resolves: #1936594
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 40.0-6
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 40.0-6
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
Loading…
Reference in New Issue
Block a user